Thank you Amos and Alex for great help & support so far.
As per suggestions I have added lot more parameters in squid.conf for both
"http" & "tls_outgoing_options" directives:
http_port 3128 ssl-bump \
tls-cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
Thank you Alex.
>Sounds good. Does the generated fake certificate contain the right origin
server name?
Sid: Yes, It does contain correct IP Address in Server name sent by client.
>Why do you expect the client to send a client certificate to Squid? In most
deployments, TLS serv
Thank you Alex for the reply.
Alex: 1. Servers never send SNI. Clients usually send SNI. Squid should
forward SNI it received from the client to the server, provided the client
actually sent SNI. Did your client send SNI?
Sid: I can see in Client Hello IP Address being sent by Client; so
Hi,
I have following Squid version installed on CentOS 7:
[root@localhost ~]# squid -v
Squid Cache: Version 4.3
Service Name: squid
This binary uses OpenSSL 1.0.2k-fips 26 Jan 2017. For legal restrictions on
distribution see https://www.openssl.org/source/license.html
configure options:
